Esempio n. 1
0
void handle_sha1(array_t *out, bio_t *in) {
  sha1_ctx_t ctx;
  char hex[sizeof(ctx.hash) * 2];
  size_t r;
  
  sha1_init(&ctx);
  
  do {
    r = bio_feed(in);
    sha1_update(&ctx, BIO_PEEK(in), r);
    BIO_SEEK(in, r);
  } while (r > 0);
  
  sha1_finish(&ctx);
  
  array_append(out, hex, fmt_hex_pad(hex, ctx.hash, sizeof(ctx.hash)));
  array_append_null(out);
}
Esempio n. 2
0
File: sha.c Progetto: drufino/minTLS
// Retrieve the tag
size_t mintls_hash_finish(
    mintls_hash_context *   ctx,            // (I/O) Context
    uint8_t *               tag             // (O) Tag
)
{
    switch (ctx->type)
    {
    case MinTLS_SHA_160:
        return sha1_finish((struct sha1_ctx *)ctx,tag);
    case MinTLS_SHA_256:
    case MinTLS_SHA_224:
        return sha2_finish((struct sha2_ctx *)ctx,tag);
    case MinTLS_SHA_384:
    case MinTLS_SHA_512:
        return sha4_finish((struct sha4_ctx *)ctx,tag);
    default:
        return 0;
    }
}
Esempio n. 3
0
/*
 * SHA-1 HMAC context setup
 */
void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key,
                       size_t keylen )
{

    if( keylen > 64 )	// Key shortened if greater than BLOCK SIZE (64 bytes)
    {
    	sha1_context cty;
    	sha1_init(&cty);
    	sha1_starts(&cty);
        sha1_update(&cty, key, keylen);	// Get the 20 char digest of the key
        sha1_finish(&cty, ctx->key);	// Store the digest in ctx.key
        sha1_free(&cty);
        ctx->keyLen = 20;
    }
    else {
    	ctx->keyLen = keylen;			// Use the key as is
		memcpy(ctx->key, key, keylen);	// Store the key in ctx.key
    }

}
Esempio n. 4
0
static void processFile(int fd, const char *filename)
{
	sha1_ctx_t sha1;
	byte bigbuf[4096];
	int n;

	sha1_init(&sha1);

	while ((n = read(fd, bigbuf, sizeof(bigbuf))) > 0)
		sha1_process(&sha1, bigbuf, n);
	if (n == -1) {
		fprintf(stderr, "Error occured during reading %s: %s\n", filename, strerror(errno));
		return;
	}

	sha1_finish(&sha1);
	for (n = 0; n < 20; n++)
		printf("%02x", sha1.buf[n]);
	printf(" %s\n", filename);
}
Esempio n. 5
0
/**
 * @brief Create content hash key for a byte array
 *
 * Create a content hash key for the given buffer and size.
 *
 * @param key pointer to the receiving chkey_t
 * @param buff byte array of data to hash
 * @param size size of byte array to has
 *
 * @result zero on success
 */
int key_chk(chkey_t *key, const void *buff, size_t size)
{
	key_state_t ks;
	FUN("key_chk");

	sha1_init(&ks.ss);
	sha1_append(&ks.ss, buff, size);
	sha1_finish(&ks.ss, &key->sha1);

	key->log2size = log2size(size);

	key->type[0] = MSB(K_CHK);
	key->type[1] = LSB(K_CHK);

	ek5_init(&ks.es);
	ek5_append(&ks.es, buff, size);
	ek5_finish(&ks.es, &key->ek5);

	key->padding = 0;

	return 0;
}
Esempio n. 6
0
/**
 * @brief Create the public SSK for a private SSK
 *
 * Create a public key from a private key,
 * simply by hashing the hex string of the SHA1 digest.
 *
 * @param key pointer to a key to receive the public SSK
 * @param ssk pointer to a key containing a private SSK
 *
 * @result zero on success
 */
int key_ssk_pub_from_priv(chkey_t *key, const chkey_t *ssk)
{
	char hex[SHA1SIZE*2+1];
	sha1_state_t sha1;
	size_t size;
	FUN("key_ssk_pub_from_priv");

	size = pm_snprintf(hex, sizeof(hex), "%s",
		sha1_hexstr(&ssk->sha1));

	sha1_init(&sha1);
	sha1_append(&sha1, hex, size);
	sha1_finish(&sha1, &key->sha1);

	key->type[0] = MSB(K_SSK_P);
	key->type[1] = LSB(K_SSK_P);
	key->log2size = log2size(size);

	memset(&key->ek5, 0, sizeof(key->ek5));

	return 0;
}
Esempio n. 7
0
int main(int argc, char *argv[])
{
    int res = EXIT_FAILURE;
    int buflen;
    int err;
    struct stat st;
    char *buf;
    struct planex_hdr *hdr;
    sha1_context ctx;
    uint32_t t = HOST_TO_BE32(2);

    FILE *outfile, *infile;

    progname = basename(argv[0]);

    while ( 1 ) {
        int c;

        c = getopt(argc, argv, "i:o:v:h");
        if (c == -1)
            break;

        switch (c) {
        case 'i':
            ifname = optarg;
            break;
        case 'o':
            ofname = optarg;
            break;
        case 'v':
            version = optarg;
            break;
        case 'h':
            usage(EXIT_SUCCESS);
            break;
        default:
            usage(EXIT_FAILURE);
            break;
        }
    }

    if (ifname == NULL) {
        ERR("no input file specified");
        goto err;
    }

    if (ofname == NULL) {
        ERR("no output file specified");
        goto err;
    }

    err = stat(ifname, &st);
    if (err) {
        ERRS("stat failed on %s", ifname);
        goto err;
    }

    buflen = (st.st_size + 3) & ~3;
    buflen += sizeof(*hdr);

    buf = malloc(buflen);
    if (!buf) {
        ERR("no memory for buffer\n");
        goto err;
    }

    memset(buf, 0xff, buflen);
    hdr = (struct planex_hdr *)buf;

    hdr->datalen = HOST_TO_BE32(buflen - sizeof(*hdr));
    hdr->unk1[0] = 0x04;
    hdr->unk1[1] = 0x08;

    snprintf(hdr->version, sizeof(hdr->version), "%s", version);

    infile = fopen(ifname, "r");
    if (infile == NULL) {
        ERRS("could not open \"%s\" for reading", ifname);
        goto err_free;
    }

    errno = 0;
    fread(buf +  sizeof(*hdr), st.st_size, 1, infile);
    if (errno != 0) {
        ERRS("unable to read from file %s", ifname);
        goto err_close_in;
    }

    sha1_starts(&ctx);
    sha1_update(&ctx, (uchar *) &t, sizeof(t));
    sha1_update(&ctx, buf + sizeof(*hdr), buflen - sizeof(*hdr));
    sha1_finish(&ctx, hdr->sha1sum);

    outfile = fopen(ofname, "w");
    if (outfile == NULL) {
        ERRS("could not open \"%s\" for writing", ofname);
        goto err_close_in;
    }

    errno = 0;
    fwrite(buf, buflen, 1, outfile);
    if (errno) {
        ERRS("unable to write to file %s", ofname);
        goto err_close_out;
    }

    res = EXIT_SUCCESS;

out_flush:
    fflush(outfile);

err_close_out:
    fclose(outfile);
    if (res != EXIT_SUCCESS) {
        unlink(ofname);
    }

err_close_in:
    fclose(infile);

err_free:
    free(buf);

err:
    return res;
}
Esempio n. 8
0
	/* Restore the checksum before writing */
	hdr->prolog_checksum = checksum_ref;
	printf("Image checksum...OK!\n");

	return 0;
}
#elif defined(CONFIG_ARMADA_3700) /* Armada 3700 */
static int check_image_header(void)
{
	struct common_tim_data *hdr = (struct common_tim_data *)get_load_addr();
	int image_num;
	u8 hash_160_output[SHA1_SUM_LEN];
	u8 hash_256_output[SHA256_SUM_LEN];
	sha1_context hash1_text;
	sha256_context hash256_text;
	u8 *hash_output;
	u32 hash_algorithm_id;
	u32 image_size_to_hash;
	u32 flash_entry_addr;
	u32 *hash_value;
	u32 internal_hash[HASH_SUM_LEN];
	const u8 *buff;
	u32 num_of_image = hdr->num_images;
	u32 version = hdr->version;
	u32 trusted = hdr->trusted;

	/* bubt checksum validation only supports nontrusted images */
	if (trusted == 1) {
		printf("bypass image validation, ");
		printf("only untrusted image is supported now\n");
		return 0;
	}
	/* only supports image version 3.5 and 3.6 */
	if (version != IMAGE_VERSION_3_5_0 && version != IMAGE_VERSION_3_6_0) {
		printf("Error: Unsupported Image version = 0x%08x\n", version);
		return -ENOEXEC;
	}
	/* validate images hash value */
	for (image_num = 0; image_num < num_of_image; image_num++) {
		struct mvebu_image_info *info =
				(struct mvebu_image_info *)(get_load_addr() +
				sizeof(struct common_tim_data) +
				image_num * sizeof(struct mvebu_image_info));
		hash_algorithm_id = info->hash_algorithm_id;
		image_size_to_hash = info->image_size_to_hash;
		flash_entry_addr = info->flash_entry_addr;
		hash_value = info->hash;
		buff = (const u8 *)(get_load_addr() + flash_entry_addr);

		if (image_num == 0) {
			/*
			 * The first image includes hash values in its content.
			 * For hash calculation, we need to save the original
			 * hash values to a local variable that will be
			 * copied back for comparsion and set all zeros to
			 * the orignal hash values for calculating new value.
			 * First image original format :
			 * x...x (datum1) x...x(orig. hash values) x...x(datum2)
			 * Replaced first image format :
			 * x...x (datum1) 0...0(hash values) x...x(datum2)
			 */
			memcpy(internal_hash, hash_value,
			       sizeof(internal_hash));
			memset(hash_value, 0, sizeof(internal_hash));
		}
		if (image_size_to_hash == 0) {
			printf("Warning: Image_%d hash checksum is disabled, ",
			       image_num);
			printf("skip the image validation.\n");
			continue;
		}
		switch (hash_algorithm_id) {
		case SHA1_SUM_LEN:
			sha1_starts(&hash1_text);
			sha1_update(&hash1_text, buff, image_size_to_hash);
			sha1_finish(&hash1_text, hash_160_output);
			hash_output = hash_160_output;
			break;
		case SHA256_SUM_LEN:
			sha256_starts(&hash256_text);
			sha256_update(&hash256_text, buff, image_size_to_hash);
			sha256_finish(&hash256_text, hash_256_output);
			hash_output = hash_256_output;
			break;
		default:
			printf("Error: Unsupported hash_algorithm_id = %d\n",
			       hash_algorithm_id);
			return -ENOEXEC;
		}
		if (image_num == 0)
			memcpy(hash_value, internal_hash,
			       sizeof(internal_hash));
		if (memcmp(hash_value, hash_output, hash_algorithm_id) != 0) {
			printf("Error: Image_%d checksum is not correct\n",
			       image_num);
			return -ENOEXEC;
		}
	}
	printf("Image checksum...OK!\n");

	return 0;
}
Esempio n. 9
0
SEXP digest(SEXP Txt, SEXP Algo, SEXP Length, SEXP Skip, SEXP Leave_raw) {
  FILE *fp=0;
  char *txt;
  int algo = INTEGER_VALUE(Algo);
  int  length = INTEGER_VALUE(Length);
  int skip = INTEGER_VALUE(Skip);
  int leaveRaw = INTEGER_VALUE(Leave_raw);
  SEXP result = NULL;
  char output[128+1], *outputp = output;    /* 33 for md5, 41 for sha1, 65 for sha256, 128 for sha512; plus trailing NULL */
  int nChar;
  int output_length = -1;
  if (IS_RAW(Txt)) { /* Txt is either RAW */
    txt = (char*) RAW(Txt);
    nChar = LENGTH(Txt);
  } else { /* or a string */
    txt = (char*) STRING_VALUE(Txt);
    nChar = strlen(txt);
  }
  if (skip>0) {
    if (skip>=nChar) nChar=0;
    else {
      nChar -= skip;
      txt += skip;
    }
  }
  if (length>=0 && length<nChar) nChar = length;
  
  switch (algo) {
  case 1: {     /* md5 case */
    md5_context ctx;
    output_length = 16;
    unsigned char md5sum[16];
    int j;
    md5_starts( &ctx );
    md5_update( &ctx, (uint8 *) txt, nChar);
    md5_finish( &ctx, md5sum );
    memcpy(output, md5sum, 16);

    if (!leaveRaw)
      for(j = 0; j < 16; j++) 
        sprintf(output + j * 2, "%02x", md5sum[j]);
        
    break;
  }
  case 2: {     /* sha1 case */
    int j;
    sha1_context ctx;
    output_length = 20;
    unsigned char sha1sum[20];

    sha1_starts( &ctx );
    sha1_update( &ctx, (uint8 *) txt, nChar);
    sha1_finish( &ctx, sha1sum );
    memcpy(output, sha1sum, 20);

    if (!leaveRaw)
      for( j = 0; j < 20; j++ ) 
        sprintf( output + j * 2, "%02x", sha1sum[j] );

    break;
  }
  case 3: {     /* crc32 case */
    unsigned long val, l;
    l = nChar;

    val  = digest_crc32(0L, 0, 0);
    val  = digest_crc32(val, (unsigned char*) txt, (unsigned) l);
      
    sprintf(output, "%2.2x", (unsigned int) val);

    break;
  }
  case 4: {     /* sha256 case */
    int j;
    sha256_context ctx;
    output_length = 32;
    unsigned char sha256sum[32];

    sha256_starts( &ctx );
    sha256_update( &ctx, (uint8 *) txt, nChar);
    sha256_finish( &ctx, sha256sum );
    memcpy(output, sha256sum, 32);

    if(!leaveRaw)
      for( j = 0; j < 32; j++ ) 
        sprintf( output + j * 2, "%02x", sha256sum[j] );

    break;
  }
  case 5: {     /* sha2-512 case */
    int j;
    SHA512_CTX ctx;
    output_length = SHA512_DIGEST_LENGTH;
    uint8_t sha512sum[output_length], *d = sha512sum;

    SHA512_Init(&ctx);
    SHA512_Update(&ctx, (uint8 *) txt, nChar);
    // Calling SHA512_Final, because SHA512_End will already
    // convert the hash to a string, and we also want RAW
    SHA512_Final(sha512sum, &ctx);
    memcpy(output, sha512sum, output_length);

    // adapted from SHA512_End
    if(!leaveRaw) {
      for (j = 0; j < output_length; j++) {
        *outputp++ = sha2_hex_digits[(*d & 0xf0) >> 4];
        *outputp++ = sha2_hex_digits[*d & 0x0f];
        d++;
      }
      *outputp = (char)0;
    }
    break;
  }
  case 101: {     /* md5 file case */
    int j;
    md5_context ctx;
    output_length = 16;
    unsigned char buf[1024];
    unsigned char md5sum[16];

    if (!(fp = fopen(txt,"rb"))) {
      error("Cannot open input file: %s", txt);
      return(NULL);
    }
    if (skip > 0) fseek(fp, skip, SEEK_SET);
    md5_starts( &ctx );
    if (length>=0) {  
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
             && length>0) {
        if (nChar>length) nChar=length;
        md5_update( &ctx, buf, nChar );
        length -= nChar;
      }
    } else {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
        md5_update( &ctx, buf, nChar );
    }
    fclose(fp);
    md5_finish( &ctx, md5sum );
    memcpy(output, md5sum, 16);
    if (!leaveRaw)
      for(j = 0; j < 16; j++) 
        sprintf(output + j * 2, "%02x", md5sum[j]);
    break;
  }
  case 102: {     /* sha1 file case */
    int j;
    sha1_context ctx;
    output_length = 20;
    unsigned char buf[1024];
    unsigned char sha1sum[20];
      
    if (!(fp = fopen(txt,"rb"))) {
      error("Cannot open input file: %s", txt);
      return(NULL);
    }
    if (skip > 0) fseek(fp, skip, SEEK_SET);
    sha1_starts ( &ctx );
    if (length>=0) {  
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
             && length>0) {
        if (nChar>length) nChar=length;
        sha1_update( &ctx, buf, nChar );
        length -= nChar;
      }
    } else {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
        sha1_update( &ctx, buf, nChar );
    }
    fclose(fp);
    sha1_finish ( &ctx, sha1sum );
    memcpy(output, sha1sum, 20);
    if(!leaveRaw)
      for( j = 0; j < 20; j++ ) 
        sprintf( output + j * 2, "%02x", sha1sum[j] );
    break;
  }
  case 103: {     /* crc32 file case */
    unsigned char buf[1024];
    unsigned long val;
      
    if (!(fp = fopen(txt,"rb"))) {
      error("Cannot open input file: %s", txt);
      return(NULL);
    }
    if (skip > 0) fseek(fp, skip, SEEK_SET);
    val  = digest_crc32(0L, 0, 0);
    if (length>=0) {  
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
             && length>0) {
        if (nChar>length) nChar=length;
        val  = digest_crc32(val , buf, (unsigned) nChar);
        length -= nChar;
      }
    } else {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
        val  = digest_crc32(val , buf, (unsigned) nChar);
    }
    fclose(fp);      
    sprintf(output, "%2.2x", (unsigned int) val);
    break;
  }
  case 104: {     /* sha256 file case */
    int j;
    sha256_context ctx;
    output_length = 32;
    unsigned char buf[1024];
    unsigned char sha256sum[32];
      
    if (!(fp = fopen(txt,"rb"))) {
      error("Cannot open input file: %s", txt);
      return(NULL);
    }
    if (skip > 0) fseek(fp, skip, SEEK_SET);
    sha256_starts ( &ctx );
    if (length>=0) {  
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
             && length>0) {
        if (nChar>length) nChar=length;
        sha256_update( &ctx, buf, nChar );
        length -= nChar;
      }
    } else {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
        sha256_update( &ctx, buf, nChar );
    }
    fclose(fp);
    sha256_finish ( &ctx, sha256sum );
    memcpy(output, sha256sum, 32);
    if(!leaveRaw)
      for( j = 0; j < 32; j++ ) 
        sprintf( output + j * 2, "%02x", sha256sum[j] );
    break;
  }
  case 105: {     /* sha2-512 file case */
    int j;
    SHA512_CTX ctx;
    output_length = SHA512_DIGEST_LENGTH;
    uint8_t sha512sum[output_length], *d = sha512sum;

    unsigned char buf[1024];

    if (!(fp = fopen(txt,"rb"))) {
      error("Cannot open input file: %s", txt);
      return(NULL);
    }
    if (skip > 0) fseek(fp, skip, SEEK_SET);
    SHA512_Init(&ctx);
    if (length>=0) {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0
             && length>0) {
        if (nChar>length) nChar=length;
        SHA512_Update( &ctx, buf, nChar );
        length -= nChar;
      }
    } else {
      while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0)
        SHA512_Update( &ctx, buf, nChar );
    }
    fclose(fp);

		// Calling SHA512_Final, because SHA512_End will already
		// convert the hash to a string, and we also want RAW
		SHA512_Final(sha512sum, &ctx);
		memcpy(output, sha512sum, output_length);

		// adapted from SHA512_End
		if(!leaveRaw) {
		  for (j = 0; j < output_length; j++) {
        *outputp++ = sha2_hex_digits[(*d & 0xf0) >> 4];
        *outputp++ = sha2_hex_digits[*d & 0x0f];
        d++;
		  }
            *outputp = (char)0;

		}
    break;
  }

  default: {
    error("Unsupported algorithm code");
    return(NULL);
  }  
  }

  if (leaveRaw && output_length > 0) {
    PROTECT(result=allocVector(RAWSXP, output_length));
    memcpy(RAW(result), output, output_length);
  } else {
    PROTECT(result=allocVector(STRSXP, 1));
    SET_STRING_ELT(result, 0, mkChar(output));
  }
  UNPROTECT(1);

  return result;
}
Esempio n. 10
0
File: sess.c Progetto: 6wei/jabberd2
sess_t sess_start(sm_t sm, jid_t jid) {
    pool_t p;
    user_t user;
    sess_t sess, scan;
    sha1_state_t sha1;
    unsigned char hash[20];
    int replaced = 0;

    log_debug(ZONE, "session requested for %s", jid_full(jid));

    /* check whether it is to serviced domain */
    if(xhash_get(sm->hosts, jid->domain) == NULL) {
        log_write(sm->log, LOG_ERR, "request to start session in non-serviced domain: jid=%s", jid_full(jid));
        return NULL;
    }

    /* get user data for this guy */
    user = user_load(sm, jid);

    /* unknown user */
    if(user == NULL) {
        if(config_get(sm->config, "user.auto-create") == NULL) {
            log_write(sm->log, LOG_NOTICE, "user not found and user.auto-create not enabled, can't start session: jid=%s", jid_full(jid));
            return NULL;
        }

        log_debug(ZONE, "auto-creating user %s", jid_user(jid));

        if(user_create(sm, jid) != 0)
            return NULL;

        user = user_load(sm, jid);
        if(user == NULL) {
            log_write(sm->log, LOG_NOTICE, "couldn't load user, can't start session: jid=%s", jid_full(jid));
            return NULL;
        }
    }

    /* kill their old session if they have one */
    for(scan = user->sessions; scan != NULL; scan = scan->next)
        if(jid_compare_full(scan->jid, jid) == 0) {
            log_debug(ZONE, "replacing session %s (%s)", jid_full(jid), scan->c2s_id);

            /* !!! this "replaced" stuff is a hack - its really a subaction of "ended".
             *     hurrah, another control protocol rewrite is needed :(
             */
            sm_c2s_action(scan, "replaced", NULL);

            _sess_end_guts(scan);

            pool_free(scan->p);

            replaced = 1;

            break;
        }

    /* make a new session */
    p = pool_new();

    sess = (sess_t) pmalloco(p, sizeof(struct sess_st));
    sess->p = p;

    /* fill it out */
    sess->pri = 0;
    sess->user = user;

    sess->jid = jid_dup(jid);
    pool_cleanup(sess->p, (void (*))(void *) jid_free, sess->jid);

    /* a place for modules to store stuff */
    sess->module_data = (void **) pmalloco(sess->p, sizeof(void *) * sess->user->sm->mm->nindex);

    /* add it to the list */
    sess->next = user->sessions;
    user->sessions = sess;

    /* who c2s should address things to */
    sha1_init(&sha1);
    datetime_out(time(NULL), dt_DATETIME, sess->sm_id, 41);
    sha1_append(&sha1, sess->sm_id, strlen(sess->sm_id));
    sha1_append(&sha1, jid_full(sess->jid), strlen(jid_full(sess->jid)));
    sha1_finish(&sha1, hash);
    hex_from_raw(hash, 20, sess->sm_id);

    log_debug(ZONE, "smid is %s", sess->sm_id);

    /* remember it */
    xhash_put(sm->sessions, sess->sm_id, sess);

    /* inform the modules */
    /* !!! catch the return value - if its 1, don't let them in */
    mm_sess_start(sm->mm, sess);

    if(replaced)
        log_write(sm->log, LOG_NOTICE, "session replaced: jid=%s", jid_full(sess->jid));
    else
        log_write(sm->log, LOG_NOTICE, "session started: jid=%s", jid_full(sess->jid));
            
    return sess;
}
Esempio n. 11
0
int ssl_derive_keys(ssl_context * ssl)
{
	size_t i;
	md5_context md5;
	sha1_context sha1;
	uint8_t tmp[64];
	uint8_t padding[16];
	uint8_t sha1sum[20];
	uint8_t keyblk[256];
	uint8_t *key1;
	uint8_t *key2;

	SSL_DEBUG_MSG(2, ("=> derive keys"));

	/*
	 * SSLv3:
	 *   master =
	 *     MD5( premaster + SHA1( 'A'   + premaster + randbytes ) ) +
	 *     MD5( premaster + SHA1( 'BB'  + premaster + randbytes ) ) +
	 *     MD5( premaster + SHA1( 'CCC' + premaster + randbytes ) )
	 *
	 * TLSv1:
	 *   master = PRF( premaster, "master secret", randbytes )[0..47]
	 */
	if (ssl->resume == 0) {
		size_t len = ssl->pmslen;

		SSL_DEBUG_BUF(3, "premaster secret", ssl->premaster, len);

		if (ssl->minor_ver == SSL_MINOR_VERSION_0) {
			for (i = 0; i < 3; i++) {
				memset(padding, 'A' + i, 1 + i);

				sha1_starts(&sha1);
				sha1_update(&sha1, padding, 1 + i);
				sha1_update(&sha1, ssl->premaster, len);
				sha1_update(&sha1, ssl->randbytes, 64);
				sha1_finish(&sha1, sha1sum);

				md5_starts(&md5);
				md5_update(&md5, ssl->premaster, len);
				md5_update(&md5, sha1sum, 20);
				md5_finish(&md5, ssl->session->master + i * 16);
			}
		} else
			tls1_prf(ssl->premaster, len, "master secret",
				 ssl->randbytes, 64, ssl->session->master, 48);

		memset(ssl->premaster, 0, sizeof(ssl->premaster));
	} else
		SSL_DEBUG_MSG(3, ("no premaster (session resumed)"));

	/*
	 * Swap the client and server random values.
	 */
	memcpy(tmp, ssl->randbytes, 64);
	memcpy(ssl->randbytes, tmp + 32, 32);
	memcpy(ssl->randbytes + 32, tmp, 32);
	memset(tmp, 0, sizeof(tmp));

	/*
	 *  SSLv3:
	 *    key block =
	 *      MD5( master + SHA1( 'A'    + master + randbytes ) ) +
	 *      MD5( master + SHA1( 'BB'   + master + randbytes ) ) +
	 *      MD5( master + SHA1( 'CCC'  + master + randbytes ) ) +
	 *      MD5( master + SHA1( 'DDDD' + master + randbytes ) ) +
	 *      ...
	 *
	 *  TLSv1:
	 *    key block = PRF( master, "key expansion", randbytes )
	 */
	if (ssl->minor_ver == SSL_MINOR_VERSION_0) {
		for (i = 0; i < 16; i++) {
			memset(padding, 'A' + i, 1 + i);

			sha1_starts(&sha1);
			sha1_update(&sha1, padding, 1 + i);
			sha1_update(&sha1, ssl->session->master, 48);
			sha1_update(&sha1, ssl->randbytes, 64);
			sha1_finish(&sha1, sha1sum);

			md5_starts(&md5);
			md5_update(&md5, ssl->session->master, 48);
			md5_update(&md5, sha1sum, 20);
			md5_finish(&md5, keyblk + i * 16);
		}

		memset(&md5, 0, sizeof(md5));
		memset(&sha1, 0, sizeof(sha1));

		memset(padding, 0, sizeof(padding));
		memset(sha1sum, 0, sizeof(sha1sum));
	} else
		tls1_prf(ssl->session->master, 48, "key expansion",
			 ssl->randbytes, 64, keyblk, 256);

	SSL_DEBUG_MSG(3, ("cipher = %s", ssl_get_cipher(ssl)));
	SSL_DEBUG_BUF(3, "master secret", ssl->session->master, 48);
	SSL_DEBUG_BUF(4, "random bytes", ssl->randbytes, 64);
	SSL_DEBUG_BUF(4, "key block", keyblk, 256);

	memset(ssl->randbytes, 0, sizeof(ssl->randbytes));

	/*
	 * Determine the appropriate key, IV and MAC length.
	 */
	switch (ssl->session->cipher) {
#if defined(TROPICSSL_ARC4)
	case TLS_RSA_WITH_RC4_128_MD5:
		ssl->keylen = 16;
		ssl->minlen = 16;
		ssl->ivlen = 0;
		ssl->maclen = 16;
		break;

	case TLS_RSA_WITH_RC4_128_SHA:
		ssl->keylen = 16;
		ssl->minlen = 20;
		ssl->ivlen = 0;
		ssl->maclen = 20;
		break;
#endif

#if defined(TROPICSSL_DES)
	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
		ssl->keylen = 24;
		ssl->minlen = 24;
		ssl->ivlen = 8;
		ssl->maclen = 20;
		break;
#endif

#if defined(TROPICSSL_AES)
	case TLS_RSA_WITH_AES_128_CBC_SHA:
		ssl->keylen = 16;
		ssl->minlen = 32;
		ssl->ivlen = 16;
		ssl->maclen = 20;
		break;

	case TLS_RSA_WITH_AES_256_CBC_SHA:
	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
		ssl->keylen = 32;
		ssl->minlen = 32;
		ssl->ivlen = 16;
		ssl->maclen = 20;
		break;
#endif

#if defined(TROPICSSL_CAMELLIA)
	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
		ssl->keylen = 16;
		ssl->minlen = 32;
		ssl->ivlen = 16;
		ssl->maclen = 20;
		break;

	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
		ssl->keylen = 32;
		ssl->minlen = 32;
		ssl->ivlen = 16;
		ssl->maclen = 20;
		break;
#endif

	default:
		SSL_DEBUG_MSG(1, ("cipher %s is not available",
				  ssl_get_cipher(ssl)));
		return (TROPICSSL_ERR_SSL_FEATURE_UNAVAILABLE);
	}

	SSL_DEBUG_MSG(3, ("keylen: %d, minlen: %d, ivlen: %d, maclen: %d",
			  ssl->keylen, ssl->minlen, ssl->ivlen, ssl->maclen));

	/*
	 * Finally setup the cipher contexts, IVs and MAC secrets.
	 */
	if (ssl->endpoint == SSL_IS_CLIENT) {
		key1 = keyblk + ssl->maclen * 2;
		key2 = keyblk + ssl->maclen * 2 + ssl->keylen;

		memcpy(ssl->mac_enc, keyblk, ssl->maclen);
		memcpy(ssl->mac_dec, keyblk + ssl->maclen, ssl->maclen);

		memcpy(ssl->iv_enc, key2 + ssl->keylen, ssl->ivlen);
		memcpy(ssl->iv_dec, key2 + ssl->keylen + ssl->ivlen,
		       ssl->ivlen);
	} else {
		key1 = keyblk + ssl->maclen * 2 + ssl->keylen;
		key2 = keyblk + ssl->maclen * 2;

		memcpy(ssl->mac_dec, keyblk, ssl->maclen);
		memcpy(ssl->mac_enc, keyblk + ssl->maclen, ssl->maclen);

		memcpy(ssl->iv_dec, key1 + ssl->keylen, ssl->ivlen);
		memcpy(ssl->iv_enc, key1 + ssl->keylen + ssl->ivlen,
		       ssl->ivlen);
	}

	switch (ssl->session->cipher) {
#if defined(TROPICSSL_ARC4)
	case TLS_RSA_WITH_RC4_128_MD5:
	case TLS_RSA_WITH_RC4_128_SHA:
		arc4_setup((arc4_context *) ssl->ctx_enc, key1, ssl->keylen);
		arc4_setup((arc4_context *) ssl->ctx_dec, key2, ssl->keylen);
		break;
#endif

#if defined(TROPICSSL_DES)
	case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
	case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
		des3_set3key_enc((des3_context *) ssl->ctx_enc, key1);
		des3_set3key_dec((des3_context *) ssl->ctx_dec, key2);
		break;
#endif

#if defined(TROPICSSL_AES)
	case TLS_RSA_WITH_AES_128_CBC_SHA:
		aes_setkey_enc((aes_context *) ssl->ctx_enc, key1, 128);
		aes_setkey_dec((aes_context *) ssl->ctx_dec, key2, 128);
		break;

	case TLS_RSA_WITH_AES_256_CBC_SHA:
	case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
		aes_setkey_enc((aes_context *) ssl->ctx_enc, key1, 256);
		aes_setkey_dec((aes_context *) ssl->ctx_dec, key2, 256);
		break;
#endif

#if defined(TROPICSSL_CAMELLIA)
	case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA:
		camellia_setkey_enc((camellia_context *) ssl->ctx_enc, key1,
				    128);
		camellia_setkey_dec((camellia_context *) ssl->ctx_dec, key2,
				    128);
		break;

	case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA:
	case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA:
		camellia_setkey_enc((camellia_context *) ssl->ctx_enc, key1,
				    256);
		camellia_setkey_dec((camellia_context *) ssl->ctx_dec, key2,
				    256);
		break;
#endif

	default:
		return (TROPICSSL_ERR_SSL_FEATURE_UNAVAILABLE);
	}

	memset(keyblk, 0, sizeof(keyblk));

	SSL_DEBUG_MSG(2, ("<= derive keys"));

	return (0);
}
Esempio n. 12
0
void
crypto_sha1_final(CryptoSha1 sha1, uint8 * out_data)
{
	sha1_finish(&sha1->ctx, out_data);
	xfree(sha1);
}
Esempio n. 13
0
void CServer::RunOTThread()
{
	cout << "\not thread started\n" << flush;

	// IKNP-first step: receiver of Naor-Pinkas  
	ZZ& p = CConfig::GetInstance()->GetPrime();
	ZZ  q = p/2 - 1;
	ZZ& g = CConfig::GetInstance()->GetGenerator();
	

	// NP receiver: receive Cs
	int nBufSize = NUM_EXECS_NAOR_PINKAS * FIELD_SIZE_IN_BYTES;
	BYTE* pBuf = new BYTE[nBufSize];
	m_sockOT.Receive(pBuf, nBufSize);
	
	ZZ* pC = new ZZ[NUM_EXECS_NAOR_PINKAS];
	BYTE* pBufIdx = pBuf;
	for(int i=0, idx=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ZZFromBytes(pC[i], pBufIdx, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

		#ifdef _DEBUG
		cout << "pC[" << i <<"]: " << pC[i] << endl;
		#endif
		
	}


	// compute pk0, pk1
	CBitVector rnd;
	rnd.Create(NUM_EXECS_NAOR_PINKAS*FIELD_SIZE_IN_BITS, m_aSeed, m_nCounter);
	BYTE* pBufRnd = rnd.GetArr();
	ZZ* pK = new ZZ[NUM_EXECS_NAOR_PINKAS];
	ZZ ztmp;
	for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ZZFromBytes(ztmp, pBufRnd, FIELD_SIZE_IN_BYTES);
		pBufRnd += FIELD_SIZE_IN_BYTES;
		rem(pK[i], ztmp, q);
	}

	pBufIdx = pBuf;
	ZZ pk0, pk1;

	for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		// compute pk0, pk1
		if( !m_S.GetBit(i) )
		{
			PowerMod(pk0, g, pK[i], p);
		}
		else
		{
			PowerMod(pk1, g, pK[i], p);

			//pk0 = pC[i]/pk1;
			InvMod(ztmp, pk1, p);
			MulMod(pk0, pC[i], ztmp, p);
		}

		#ifdef _DEBUG
		cout << "pk0[" << i << "]: " << pk0 << endl;
		#endif
		
		// put pk0
		BytesFromZZ(pBufIdx, pk0, FIELD_SIZE_IN_BYTES);
		pBufIdx += FIELD_SIZE_IN_BYTES;

	}


	m_sockOT.Send(pBuf, nBufSize);
	delete [] pC;
	delete [] pBuf;
	
	if( m_bStop ) return;

	// NP receiver: get the g^r0, Enc(M0), g^r2, Enc(M1) 
	int nInputStart = m_pCircuit->GetInputStart(ID_CLIENT);
	int nInputEnd = m_pCircuit->GetInputEnd(ID_CLIENT);

	int nMsgSize = (nInputEnd-nInputStart)/SHA1_BITS + 1;		// in sha1 scale
	int nMsginOT = FIELD_SIZE_IN_BYTES + nMsgSize*SHA1_BYTES;  
	int nBufSize2 = NUM_EXECS_NAOR_PINKAS * nMsginOT * 2;   
	BYTE* pBuf2 = new BYTE[nBufSize2];
	m_sockOT.Receive(pBuf2, nBufSize2);
	
	ZZ w;
	ZZ key;
	BYTE tmp[FIELD_SIZE_IN_BYTES];

	sha1_context sha;
	SHA_BUFFER buf_key;
	
	BYTE** ppMat = new BYTE*[NUM_EXECS_NAOR_PINKAS];
	BYTE* pBufToRead;
	BYTE* pBufMatIdx;

	pBufIdx = pBuf2;
	for(int i=0, idx=0; !m_bStop && i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		ppMat[i] = new BYTE[nMsgSize*SHA1_BYTES];
		
		if( !m_S.GetBit(i))
		{
			pBufToRead = pBufIdx;
			pBufIdx +=  nMsginOT + nMsginOT;
		}
		else
		{
			pBufIdx += nMsginOT;  
			pBufToRead = pBufIdx;
			pBufIdx += nMsginOT; 
		}

		ZZFromBytes(w, pBufToRead, FIELD_SIZE_IN_BYTES);
		pBufToRead += FIELD_SIZE_IN_BYTES;
		PowerMod(key, w, pK[i], p);
		BytesFromZZ(tmp, key, FIELD_SIZE_IN_BYTES);
	 	 
		sha1_starts(&sha);
		sha1_update(&sha, tmp, FIELD_SIZE_IN_BYTES);
		sha1_finish(&sha, (BYTE*) &buf_key);	

		pBufMatIdx=ppMat[i];
		for(int j=0; j<nMsgSize; j++)
		{
			sha1_starts(&sha);
			sha1_update(&sha, (BYTE*) &buf_key, sizeof(buf_key));
			sha1_update(&sha, (BYTE*) &j, sizeof(int)); 
			sha1_finish(&sha, tmp);
			 
			for(int x=0; x<SHA1_BYTES; x++, pBufMatIdx++, pBufToRead++ )
			{
 				*(pBufMatIdx) = *(pBufToRead) ^ tmp[x];
		 	}
		}
	} 
	delete [] pK;
	
	if( m_bStop ) return;


	// IKNP-second step: send the keys for client inputs
	int nInputSize = nInputEnd - nInputStart + 1;
	KEY* pKeys = new KEY[nInputSize*2];
	YAO_WIRE* wire;
	KEY* wirekey;
	
	CBitVector qj;
	qj.Create(NUM_EXECS_NAOR_PINKAS); 

	int j=0; // 0-starting index
	KEY* pKeyIdx = pKeys; 
	
	for(int i=nInputStart; !m_bStop && i<=nInputEnd; i++,j++)
	{
		while( m_nGatesDone < i ) {
			SleepMiliSec(100);
		}

		// compute qj
		for(int r=0; r<NUM_EXECS_NAOR_PINKAS; r++)
		{
			qj.SetBit( r, ppMat[r][j/8] & bitmask[j & 0x7] );
		}
 
		// compute hash
		sha1_starts(&sha);
		sha1_update(&sha,  qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
		sha1_update(&sha, (BYTE*)&j, sizeof(int));
		sha1_finish(&sha, (BYTE*)&buf_key);
		
		// y0
		wire = m_pYaoWires+i;
		wirekey = wire->keys + wire->b;
		XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
		pKeyIdx++;

		// compute qj xor s
		for(int x=0; x<NUM_EXECS_NAOR_PINKAS/8; x++ )
			qj.GetArr()[x] ^=  m_S.GetByte(x);
		
		/*
		#ifdef _DEBUG
		cout << "qj xor s = "; 
		for(int z=0; z<NUM_EXECS_NAOR_PINKAS; z++)
			cout << (int) qj.GetBit(z);
		cout << endl; 
		#endif
		*/

		// y1
		sha1_starts(&sha);
		sha1_update(&sha,  qj.GetArr(), NUM_EXECS_NAOR_PINKAS/8);
		sha1_update(&sha, (BYTE*)&j, sizeof(int));
		sha1_finish(&sha, (BYTE*)&buf_key);
	 
		wirekey = wire->keys + (wire->b^1);
		XOR_KEYP3( pKeyIdx, (&buf_key), wirekey );
		pKeyIdx++;
	}
	m_sockOT.Send( pKeys, nInputSize*sizeof(KEY)*2);

	// clean-up
	
	delete [] pBuf2; 
	for(int i=0; i<NUM_EXECS_NAOR_PINKAS; i++)
	{
		delete [] ppMat[i];
	}
	delete [] ppMat;  
	delete [] pKeys;  
	
	cout << "\not thread ended \n" << flush;
}
Esempio n. 14
0
BOOL CServer::Init()
{
	// circuit
	CConfig* cf = CConfig::GetInstance();
	int nInputs = cf->GetNumInputs();
		
	if( !cf->GetCircFileName().empty() )
	{
		m_pCircuit = LOAD_CIRCUIT_BIN(cf->GetCircFileName().c_str());

		if(!m_pCircuit)
		{
			cout << "failure in loading circuit " << cf->GetCircFileName() << endl;
			return FALSE;
		}
	}
	else
	{
		m_pCircuit = CREATE_CIRCUIT(cf->GetNumParties(), cf->GetCircCreateName(), cf->GetCircCreateParams() );
	}

	m_pGates = m_pCircuit->Gates();
	m_nNumGates = m_pCircuit->GetNumGates();

	// bind the constant
	m_pGates[0].val = 0;
	m_pGates[1].val = 1;
	
	// bind the input
	int nBits = m_pCircuit->GetNumVBits(ID_SERVER);
	int nStart = m_pCircuit->GetInputStart(ID_SERVER);
	int nEnd = m_pCircuit->GetInputEnd(ID_SERVER);

	vector<int> vIn;
	CConfig::GetInstance()->GetInput(vIn);	
	//cout << "s=" << nStart << " e= " << nEnd << endl;
	
	int j=nStart;
	for( int i=0; i<nInputs && j <=nEnd; i++ ) 
	{
		for(int k=0; k<nBits && j<=nEnd; k++ )
		{
			int mask = (1 << k );
			m_pGates[j++].val = !!(vIn[i] & mask);
		}
	}
	 
	#ifdef _DEBUG
	
	if( nInputs == 10 )
	{
		j = nStart;
		for( int i=0; i<nInputs; i++ )
		{
			cout << "id[" << i << "]: ";
	
			for(int k=0; k<nBits; k++ )
			{
				cout << (int) m_pGates[j].val;
				j++;
			}
			cout << endl;
		}
		assert(j == nEnd+1);


		int i= m_pCircuit->GetInputStart(ID_CLIENT); 
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 1;
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 1;
		m_pGates[i++].val = 1;
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 0;
		m_pGates[i++].val = 0;
 		m_pCircuit->Evaluate();
	}
	#endif

	// yao
	m_pYaoWires = new YAO_WIRE[m_nNumGates];
	m_pYaoGates  = new YAO_GARBLED_GATE[m_nNumGates - m_pCircuit->GetGateStart()];
	m_vOutGates.reserve(1024);
	m_nGatesDone = -1;
	m_nWiresDone = -1;

	// randomness
	sha1_context sha;
	sha1_starts(&sha);
	sha1_update(&sha, (BYTE*) cf->GetSeed().c_str(), cf->GetSeed().length());
	sha1_finish(&sha, m_aSeed);
	m_nCounter = 1;
	
	// batch parameters
 	m_nGateBatch = NUM_GATE_BATCH;
	m_nKeyBatch = NUM_KEY_BATCH; 
	 

	// IKNP
	m_S.Create(NUM_EXECS_NAOR_PINKAS, m_aSeed, m_nCounter );

	m_bStop = FALSE;

	return TRUE;
}
Esempio n. 15
0
/* spl_image defined in spl.c */
void spl_sboot_extend(void)
{
	uint8_t csum[20];
	uint8_t out_digest[20];

	uint8_t image_buffer[SBOOT_SPL_READ_SIZE];
	SHA1_CTX ctx;

#ifdef CONFIG_SBOOT_TIMING
	uint32_t timer_begin = get_timer_masked();
#endif

	sha1_starts(&ctx);
	/* Only support MMC/FAT */
#if defined(CONFIG_SPL_MMC_SUPPORT) && defined(CONFIG_SPL_FAT_SUPPORT)
	/* Todo: add a configuration option to limit the memory read length.
	 * This will allow us to SHA1 in blocks.
	 * Todo: add a configuration option to use the TPM's SHA1 for extreme
	 * memory contention scenarios. */
	sha1_update(&ctx, (unsigned char *) spl_image.load_addr, spl_image.size);
#else
#warning "Warning: sboot does not support the U-Boot storage configuration."
#endif
	sha1_finish(&ctx, csum);

	if (sboot_extend(SBOOT_PCR_UBOOT, csum, out_digest) != SBOOT_SUCCESS) {
		puts("SPL: (sboot) error while measuring U-Boot\n");
		goto finished;
	}

	sha1_starts(&ctx);
	/* Extend EEPROM, support I2C only */
#ifdef CONFIG_ENV_EEPROM_IS_ON_I2C
	/*
	for (i = 0; i * SBOOT_SPL_READ_SIZE < CONFIG_SYS_I2C_EEPROM_SIZE; ++i) {
		memset(image_buffer, 0, SBOOT_SPL_READ_SIZE);
		if (i2c_read(CONFIG_SYS_I2C_EEPROM_ADDR, 0, CONFIG_SYS_I2C_EEPROM_ADDR_LEN,
				image_buffer, SBOOT_SPL_READ_SIZE)) {
			puts("SPL: (sboot) could not read the EEPROM\n");
			return;
		}
		sha1_update(&ctx, image_buffer, SBOOT_SPL_READ_SIZE);
	}*/
	debug("SPL: (sboot) measuring EEPROM\n");
	i2c_read(CONFIG_SYS_I2C_EEPROM_ADDR, 0, CONFIG_SYS_I2C_EEPROM_ADDR_LEN, image_buffer, CONFIG_SYS_I2C_EEPROM_SIZE);
	sha1_update(&ctx, image_buffer, CONFIG_SYS_I2C_EEPROM_SIZE);
	debug("SPL: (sboot) finished\n");
#else
#warning "Warning: sboot does not support the ENV storage configuration."
#endif
	sha1_finish(&ctx, csum);

	if (sboot_extend(SBOOT_PCR_CHIPSET_CONFIG, csum, out_digest) != SBOOT_SUCCESS) {
		puts("SPL: (sboot) error while measuring chipset config\n");
		goto finished;
	}

finished:
#ifdef CONFIG_SBOOT_TIMING
	report_time("extend", get_timer_masked() - timer_begin);
#endif

	return;
}
Esempio n. 16
0
File: digest_C.c Progetto: cran/SoDA
static char * digest_string(
			   char *txt,
			   int algo,
			   int  length,
			   char *output) {
  FILE *fp=0;
  error_message = NULL;
  int nChar = strlen(txt);
  if (length>=0 && length<nChar) nChar = length;
  
  switch (algo) {
    case 1: {			/* md5 case */
      md5_context ctx;
      unsigned char md5sum[16];
      int j;

      md5_starts( &ctx );
      md5_update( &ctx, (uint8 *) txt, nChar);
      md5_finish( &ctx, md5sum );

      for(j = 0; j < 16; j++) {
	sprintf(output + j * 2, "%02x", md5sum[j]);
      }
      break;
    }
    case 2: {			/* sha1 case */
      int j;
      sha1_context ctx;
      unsigned char sha1sum[20];

      sha1_starts( &ctx );
      sha1_update( &ctx, (uint8 *) txt, nChar);
      sha1_finish( &ctx, sha1sum );

      for( j = 0; j < 20; j++ ) {
	sprintf( output + j * 2, "%02x", sha1sum[j] );
      }
      break;
    }
    case 3: {			/* crc32 case */
      unsigned long val, l;
      l = nChar;

      val  = digest_crc32(0L, 0, 0);
      val  = digest_crc32(val, (unsigned char*) txt, (unsigned) l);
      
      sprintf(output, "%2.2x", (unsigned int) val);

      break;
    }
    case 101: {			/* md5 file case */
      int j;
      md5_context ctx;
      unsigned char buf[1024];
      unsigned char md5sum[16];

      if (!(fp = fopen(txt,"rb"))) {
        error_message = (strcat("Can not open input file: ", txt));    
        return (char *)NULL;
      }
      md5_starts( &ctx );
      if (length>=0) {  
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
	       && length>0) {
          if (nChar>length) nChar=length;
          md5_update( &ctx, buf, nChar );
          length -= nChar;
        }
      } else {
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
          md5_update( &ctx, buf, nChar );
      }
      fclose(fp);
      md5_finish( &ctx, md5sum );
      for(j = 0; j < 16; j++) sprintf(output + j * 2, "%02x", md5sum[j]);
      break;
    }
    case 102: {			/* sha1 file case */
      int j;
      sha1_context ctx;
      unsigned char buf[1024];
      unsigned char sha1sum[20];
      
      if (!(fp = fopen(txt,"rb"))) {
        error_message = (strcat("Can not open input file: ", txt));    
        return (char *)NULL;
      }
      sha1_starts ( &ctx );
      if (length>=0) {  
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
	       && length>0) {
          if (nChar>length) nChar=length;
          sha1_update( &ctx, buf, nChar );
          length -= nChar;
        }
      } else {
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
          sha1_update( &ctx, buf, nChar );
      }
      fclose(fp);
      sha1_finish ( &ctx, sha1sum );
      for( j = 0; j < 20; j++ ) sprintf( output + j * 2, "%02x", sha1sum[j] );
      break;
    }
    case 103: {			/* crc32 file case */
      unsigned char buf[1024];
      unsigned long val;
      
      if (!(fp = fopen(txt,"rb"))) {
        error_message = (strcat("Can not open input file: ", txt));    
        return (char *)NULL;
      }
      val  = digest_crc32(0L, 0, 0);
      if (length>=0) {  
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0 
	       && length>0) {
          if (nChar>length) nChar=length;
          val  = digest_crc32(val , buf, (unsigned) nChar);
          length -= nChar;
        }
      } else {
        while( ( nChar = fread( buf, 1, sizeof( buf ), fp ) ) > 0) 
          val  = digest_crc32(val , buf, (unsigned) nChar);
      }
      fclose(fp);      
      sprintf(output, "%2.2x", (unsigned int) val);
      break;
    }

    default: {
      error_message = ("Unsupported algorithm code");
      return (char *)NULL;
    }  
  }
    
  return output;

}
Esempio n. 17
0
static void SHA1_Final(unsigned char digest[20], SHA_CTX *ctx)
{
  sha1_finish(ctx, digest);
}
Esempio n. 18
0
int main(void) {
    socklen_t fromlen;
    int len, n, server_socket, fd_log;
    unsigned long int nb_written;
    struct sockaddr_in client_addr;
    struct sockaddr_in server_addr;
    unsigned char logbuf[MAX_LOG_PKT_SZ];
    unsigned char sha1sum[SHA1_SZ];
    sha1_context sha1;

    create_log(&fd_log);
    nb_written = 0;

    /* start the UDP listening server */

    if ((server_socket = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) {
	server_err("Socket creation failed: %d\n", errno);
	exit(1);
    }

    n = 1;

    if (setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR,
	    (void *) &n, sizeof ( n)) < 0) {
	server_err("Set socket options failed: %d\n", errno);
	exit(1);
    }

    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(SHELL_LOG_SERVER_PORT);
    server_addr.sin_addr.s_addr = htonl(INADDR_ANY);

    if (bind(server_socket, (struct sockaddr *) &server_addr,
	    sizeof ( server_addr)) < 0) {
	server_err("Bind socket failed: %d\n", errno);
	exit(1);
    }

    if (fork() != 0)
	exit(0);

    setsid();

    while (1) {
	fromlen = sizeof (client_addr);

	if ((len = recvfrom(server_socket, &logbuf[IP_SZ + LENGTH_SZ], BUF_SZ, 0,
		(struct sockaddr *) &client_addr,
		&fromlen)) < MIN_TRANSFER_PKT_SZ) {
	    //	    sleep(1);
	    continue;
	}

	server_dbg("Received packet: %d\n", len);

	sha1_starts(&sha1);
	sha1_update(&sha1, logbuf + IP_SZ + LENGTH_SZ + RC4_SZ, len - RC4_SZ - SHA1_SZ);
	sha1_finish(&sha1, sha1sum);

	if (memcmp(logbuf + IP_SZ + LENGTH_SZ + len - SHA1_SZ, sha1sum, SHA1_SZ) != 0) {
	    server_err("SHA-1 checksum verification failed\n");
	    continue;
	}

	memcpy(logbuf, &client_addr.sin_addr.s_addr, IP_SZ);
	memcpy(&logbuf[IP_SZ], &len, LENGTH_SZ);

	server_dbg("From : %d.%d.%d.%d\n",
		(client_addr.sin_addr.s_addr) & 0xFF,
		(client_addr.sin_addr.s_addr >> 8) & 0xFF,
		(client_addr.sin_addr.s_addr >> 16) & 0xFF,
		(client_addr.sin_addr.s_addr >> 24) & 0xFF
		);

	write(fd_log, logbuf, IP_SZ + LENGTH_SZ + len);

	nb_written += (IP_SZ + LENGTH_SZ + len);

	if (nb_written > MAX_LOG_SIZE) {
	    nb_written = 0;
	    close(fd_log);
	    create_log(&fd_log);
	}
    }

    return ( 0);
}
Esempio n. 19
0
const wxString wxSHA1::GetDigest(bool mainthread)
{
    if (m_isfile)
    {
        if(m_bCalculatedDigest)
        {
            const wxString szRetVal = m_pszDigestString;
            return szRetVal;
        }
        else if(!m_file.FileExists())
        {
            return wxEmptyString;
        }
        else
        {
            sha1_context sha1Context;
            sha1_starts(&sha1Context);
            wxFile sha1file(m_file.GetFullPath(), wxFile::read);
            unsigned char buffer[16384];
            unsigned int i = 1;
            while (i >0)
            {
                i = sha1file.Read(buffer,16384);
                sha1_update(&sha1Context, buffer, (unsigned) i);
                if (mainthread)
                    wxYield();
            }
            sha1_finish(&sha1Context,m_arrDigest);

            wxString szRetVal;
            unsigned int j=0;
            for (i = 0; i < sizeof m_arrDigest; i++)
            {
                szRetVal << wxString::Format(wxT("%02X"),m_arrDigest[i]);
                m_pszDigestString[j] = szRetVal.GetChar(j);
                m_pszDigestString[j+1] = szRetVal.GetChar(j+1);
                j+=2;
            }
            return szRetVal;
        }
    }
    else
    {
        if(m_bCalculatedDigest)
        {
            const wxString szRetVal = m_pszDigestString;
            return szRetVal;
        }
        else if(m_szText.IsEmpty())
        {
            return wxEmptyString;
        }
        else
        {
            sha1_context sha1Context;
            sha1_starts(&sha1Context);
            char *text = new char[m_szText.Len()+1];
            unsigned int i;
            for (i=0; i < (m_szText.Len());i++)
                text[i] = m_szText.GetChar(i);
            text[i] = '\0';

            sha1_update(&sha1Context, (unsigned char*)(text), strlen(text));
            sha1_finish(&sha1Context,m_arrDigest);

            wxString szRetVal;
            unsigned int j=0;
            for (i = 0; i < sizeof m_arrDigest; i++)
            {
                szRetVal << wxString::Format(wxT("%02X"),m_arrDigest[i]);
                m_pszDigestString[j] = szRetVal.GetChar(j);
                m_pszDigestString[j+1] = szRetVal.GetChar(j+1);
                j+=2;
            }
            return szRetVal;
        }
    }
}
Esempio n. 20
0
static void sha1_finish_wrap( void *ctx, unsigned char *output )
{
    sha1_finish( (sha1_context *) ctx, output );
}
Esempio n. 21
0
/*
void generate_mac(const char *data, const char *key, unsigned char *mac) {
  unsigned int h[5];
  sha1_init(h);
  sha1_update(key, h);
  sha1_update(data);
  sha1_finish(mac);

}
*/
int main(int argc, char *argv[]) {
  unsigned char mac[20];
  char buff[128];
  unsigned char tamp[2048];
  const char *data = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon";

  init_key();

  generate_mac(SHA1, data, strlen(data), secret_key, secret_key_len, mac);
  hexencode(mac, 20, buff);
  buff[40] = '\0';
  printf("digest: %s\n", buff);
  printf("mac valid: %d\n", validate_mac(SHA1, data, strlen(data), secret_key, secret_key_len, mac));
  strcpy(tamp, data);
  strcat(tamp, ";admin=true");
  printf("tampered msg mac valid: %d\n", validate_mac(SHA1, tamp, strlen(tamp), secret_key, secret_key_len, mac));

  // now try to bruteforce a valid message by continuing the existing mac.
  //
  // valid mac is based on sha1(key || msg) which is generated by sha1_update(key || msg || padding0)

  // we want sha1(key || msg || padding0 || tampering || padding1) to be valid, 
  // for that we need to guess key length and append tampering and continue
  // the sha1 hash function over padding and tampering.

  // padding = | 0x80 0000 ... 0000 LEN | where 
  // 

  // tampered mac

  unsigned char tampmac[20];

  int msglen = strlen(data);
  int keylen = 0; // start with a zero length key  
  int valid;

  do {
    
    // the sha1 state we will continue on
    //
    //                      h[5]
    //                       |              
    // key || msg || padding0
    //
    
    unsigned int h[5];
    int i;
    for(i = 0; i < 5; i++) {
      h[i] = (mac[i*4] << 24) | (mac[i*4+1] << 16) | (mac[i*4+2] << 8) | mac[i*4+3];
      //    printf("h[%d] = %08X\n", i, h[i]);
    } 

    strcpy(tamp, ";admin=true");

    int key_data_padding0_len =  ((keylen + msglen + 9) + 64 - (keylen + msglen + 9) % 64);
    int tamp_len = strlen(tamp);

    // the length of the tampered message, that is msglen + keylen + padding + tamp

    // calculate tampered mac

    // the sha1 state we will continue on
    //
    //                       h[5]  ---->      tamp_mac
    //                         |                |
    // key || msg || padding0 || tamp || padding1
    //


    sha1_finish(tamp, key_data_padding0_len + tamp_len, h, tampmac);

    //printf("tampered mac:\n");
    //hexdump(tampmac, 20);
  
    // generate tampered the message, that is, original message + padding0 + tampered data
    strcpy(tamp, data);

    // append padding0 after original message
    //
    // length of padding0 is (key+msg+9+64) - (key+msg+9+64) % 64
  
    unsigned char *p = tamp+strlen(tamp);

    *p++ = 0x80;
    // nullpadd until 8 bytes from block boundary
    while( (keylen + (p - (unsigned char *)tamp) ) % 64 != 56) {
      *p++ = 0;
    }

    // first 32 bits of 64 bit length indicator is zero
    *p++ = 0;
    *p++ = 0;
    *p++ = 0;
    *p++ = 0;
  
    unsigned int bits = 8*(msglen + keylen);

    // append the 32 bit length field
    *p++ = bits >> 24;
    *p++ = bits >> 16;
    *p++ = bits >> 8;
    *p++ = bits & 0xff;

    // append tampering
    strcpy(p, ";admin=true");
    p += strlen(p);

    int tampered_msg_len = p - tamp;

    //printf("Validate mac using length: %d\n", tampered_msg_len);
    //hexdump(tamp, tampered_msg_len);

    valid = validate_mac(SHA1, tamp, tampered_msg_len, secret_key, secret_key_len, tampmac);

    if(!valid) {
      keylen++;
      printf("Message not accepted, try larger keylength %d\n", keylen);
    } else {
      printf("tampered message accepted, guessed keylength: %d\n", keylen);
    }

  } while(!valid && keylen < 256);  


  if(!valid) {
    printf("Failed to get tampered message accepted\n");
  }
}